US8607071B2ActiveUtilityA1

Preventing replay attacks in encrypted file systems

59
Assignee: KEOHANE SUSANN MARIEPriority: Feb 20, 2008Filed: Feb 20, 2008Granted: Dec 10, 2013
Est. expiryFeb 20, 2028(~1.6 yrs left)· nominal 20-yr term from priority
H04L 63/0428H04L 9/3236H04L 9/3271H04L 63/12H04L 9/0891H04L 9/002G06F 21/6218
59
PatentIndex Score
1
Cited by
11
References
16
Claims

Abstract

Replay attacks in an encrypted file system are prevented by generating a session key and providing the session key to one or more drive managers and an encrypted file system process. When a drive request is received by the encrypted file system process the drive request is encrypted using the generated session key. The encrypted drive request is sent to a drive manager. The drive manager attempts to decrypt the drive request using the session key. If the encrypted drive request is successfully decrypted, then the drive manager performs the requested operation. On the other hand, if the request is not decrypted successfully, then the request is not performed by the drive manager. Drive managers can include both disk device drivers and a logical volume managers.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method to prevent replay attacks in an encrypted file system (EFS), the method comprising:
 generating a session key; 
 providing the session key to a plurality of drive managers and an encrypted file system process; 
 determining, by each of the drive managers, if the session key is an updated session key that is part of a key renewal request; 
 in response to determining that the session key is an updated session key that is part of a key renewal request, performing, by the drive managers, the following:
 decrypting, at each of the drive managers, the updated session key; and 
 after the decrypting, replacing a current session key with the updated session key at each of the drive managers; 
 
 in response to determining that the session key is not an updated session key that is part of a key renewal request, storing, at the drive managers, the session key in further response to determining that user access to a computer system that is utilizing the encrypted file system is currently inhibited; 
 in response to determining that the session key is not an updated session key that is part of a key renewal request, and that user access to the computer system that is utilizing the encrypted file system is not currently inhibited, logging an attempt to circumvent session key security; 
 receiving a drive request at the encrypted file system process; 
 encrypting the drive request using the generated session key provided to the encrypted file system process; 
 sending the encrypted drive request to a selected one of the drive managers, wherein the selected drive manager performs steps of:
 attempting to decrypt the drive request using the session key provided to the selected drive manager; and 
 performing the drive request in response to the decrypt attempt successfully decrypting the encrypted drive request, wherein the drive request is not performed in response to an unsuccessful decryption attempt. 
 
 
     
     
       2. The method of  claim 1  further comprising:
 inhibiting user logons until after the session key has been generated and provided to the drive managers and the encrypted file system process. 
 
     
     
       3. The method of  claim 1  further comprising:
 generating, by the encrypted file system, the updated session key after a period of time has expired since the generation of the current session key; 
 encrypting, by the encrypted file system, the updated session key using the current session key; 
 sending the encrypted updated session key from the encrypted file system to the drive managers, as part of the key renewal request. 
 
     
     
       4. The method of  claim 1 , wherein the selected drive manager is a logical volume manager, and the method further comprises:
 after performing the drive request by the logical volume manager, requesting a disk drive operation by the logical volume manager, the requesting including:
 encrypting the disk drive operation request using the session key; and 
 sending the encrypted disk drive operation request from the logical volume manager to a disk device driver. 
 
 
     
     
       5. The method of  claim 4  further comprising:
 receiving at the disk device driver, the encrypted disk drive operation request; 
 decrypting, by the disk device driver, the encrypted disk drive operation request; and 
 performing, by the disk device driver, the decrypted disk drive operation request. 
 
     
     
       6. The method of  claim 1  further comprising:
 calculating, by the encrypted file system process, a hash value corresponding to the drive request, wherein the drive request is a write request and includes data to be written to a nonvolatile storage device; 
 including the hash value and the data to be written in the drive request; 
 receiving, at the selected drive manager, the encrypted drive request that includes the hash value and the data to be written; and 
 writing, by the selected drive manager, the hash value and the data to be written to the nonvolatile storage device. 
 
     
     
       7. The method of  claim 1  wherein the drive request is a read request and wherein the method further comprises:
 reading, by the selected drive manager, data from a nonvolatile storage device and a stored hash value that corresponds to the data; 
 returning the data and the stored hash value to the encrypted file system process; 
 calculating, by the encrypted file system process, a hash value corresponding to data, 
 returning the data in response to the calculated hash value being equal to the stored hash value; and 
 causing an error in response to the calculated hash value being different than the stored hash value. 
 
     
     
       8. A information handling system comprising:
 one or more processors; 
 a memory accessible by at least one of the processors; 
 a nonvolatile storage area accessible by at least one of the processors; 
 a set of instructions stored in the memory and executed by at least one of the processors in order to perform actions of: 
 generating a session key; 
 providing the session key to a plurality of drive managers and an encrypted file system process; 
 determining, by each of the drive managers, if the session key is an updated session key that is part of a key renewal request; 
 in response to determining that the session key is an updated session key that is part of a key renewal request, perform, by the drive managers, the following:
 decrypting, at each of the drive managers, the updated session key; and 
 after the decrypting, replacing a current session key with the updated session key at each of the drive managers; 
 
 in response to determining that the session key is not an updated session key that is part of a key renewal request, storing, at the drive managers, the session key in further response to determining that user access to a computer system that is utilizing the encrypted file system is currently inhibited; 
 in response to determining that the session key is not an updated session key that is part of a key renewal request, and that user access to the computer system that is utilizing the encrypted file system is not currently inhibited, logging an attempt to circumvent session key security; 
 receiving a drive request at the encrypted file system process; 
 encrypting the drive request using the generated session key provided to the encrypted file system process; 
 sending the encrypted drive request to a selected one of the drive managers, wherein the selected drive manager performs steps of:
 attempting to decrypt the drive request using the session key provided to the selected drive manager; and 
 performing the drive request in response to the decrypt attempt successfully decrypting the encrypted drive request, wherein the drive request is not performed in response to an unsuccessful decryption attempt. 
 
 
     
     
       9. The information handling system of  claim 8  wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
 inhibiting user logons until after the session key has been generated and provided to the drive managers and the encrypted file system process; 
 logging on one or more users to the computer system that is utilizing the encrypted file system after the session key has been generated and provided to the drive managers and the encrypted file system process; 
 generating, by the encrypted file system, an updated session key after a period of time has expired since the generation of the current session key; 
 encrypting, by the encrypted file system, the updated session key using the current session key; 
 sending the encrypted updated session key from the encrypted file system to the drive managers, as part of the key renewal request. 
 
     
     
       10. The information handling system of  claim 8  wherein the selected drive manager is a logical volume manager and wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
 after performing the drive request by the logical volume manager, requesting a disk drive operation by the logical volume manager, the requesting including:
 encrypting the disk drive operation request using the session key; and 
 sending the encrypted disk drive operation request from the logical volume manager to a disk device driver; 
 
 receiving at the disk device driver, the encrypted disk drive operation request; 
 decrypting, by the disk device driver, the encrypted disk drive operation request; and 
 performing, by the disk device driver, the decrypted disk drive operation request. 
 
     
     
       11. The information handling system of  claim 8  wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
 calculating, by the encrypted file system process, a hash value corresponding to the drive request, wherein the drive request is a write request and includes data to be written to a nonvolatile storage device; 
 including the hash value and the data to be written in the drive request; 
 receiving, at the selected drive manager, the encrypted drive request that includes the hash value and the data to be written; and 
 writing, by the selected drive manager, the hash value and the data to be written to the nonvolatile storage device. 
 
     
     
       12. The information handling system of  claim 8  wherein the drive request is a read request and wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
 reading, by the selected drive manager, data from a nonvolatile storage device and a stored hash value that corresponds to the data; 
 returning the data and the stored hash value to the encrypted file system process; 
 calculating, by the encrypted file system process, a hash value corresponding to data, 
 returning the data in response to the calculated hash value being equal to the stored hash value; and 
 causing an error in response to the calculated hash value being different than the stored hash value. 
 
     
     
       13. A computer program product stored in a computer readable memory device, comprising functional descriptive material that, when executed by an information handling system, causes the information handling system to perform actions that include:
 generating a session key; 
 providing the session key to a plurality of drive managers and an encrypted file system process; 
 determining, by each of the drive managers, if the session key is an updated session key that is part of a key renewal request; 
 in response to determining that the session key is an updated session key that is part of a key renewal request, performing, by the drive managers, the following:
 decrypting, at each of the drive managers, the updated session key; and 
 after the decrypting, replacing a current session key with the updated session key at each of the drive managers; 
 
 in response to determining that the session key is not an updated session key that is part of a key renewal request, storing, at the drive managers, the session key in further response to determining that user access to a computer system that is utilizing the encrypted file system is currently inhibited; 
 in response to determining that the session key is not an updated session key that is part of a key renewal request, and that user access to the computer system that is utilizing the encrypted file system is not currently inhibited, logging an attempt to circumvent session key security; 
 receiving a drive request at the encrypted file system process; 
 encrypting the drive request using the generated session key provided to the encrypted file system process; 
 sending the encrypted drive request to a selected one of the drive managers, wherein the selected drive manager performs steps of:
 attempting to decrypt the drive request using the session key provided to the selected drive manager; and 
 performing the drive request in response to the decrypt attempt successfully decrypting the encrypted drive request, wherein the drive request is not performed in response to an unsuccessful decryption attempt. 
 
 
     
     
       14. The computer program product of  claim 13  further comprising functional descriptive material that causes the data processing system to perform additional actions that include:
 inhibiting user logons until after the session key has been generated and provided to the drive managers and the encrypted file system process; 
 logging on one or more users to a computer system that is utilizing the encrypted file system after the session key has been generated and provided to the drive managers and the encrypted file system process; 
 generating, by the encrypted file system, an updated session key after a period of time has expired since the generation of the current session key; 
 encrypting, by the encrypted file system, the updated session key using the current session key; 
 sending the encrypted updated session key from the encrypted file system to the drive managers, as part of the key renewal request. 
 
     
     
       15. The computer program product of  claim 13  wherein the selected drive manager is a logical volume manager and further comprising functional descriptive material that causes the data processing system to perform additional actions that include:
 after performing the drive request by the logical volume manager, requesting a disk drive operation by the logical volume manager, the requesting including:
 encrypting the disk drive operation request using the session key; and 
 sending the encrypted disk drive operation request from the logical volume manager to a disk device driver; 
 
 receiving at the disk device driver, the encrypted disk drive operation request; 
 decrypting, by the disk device driver, the encrypted disk drive operation request; and 
 performing, by the disk device driver, the decrypted disk drive operation request. 
 
     
     
       16. The computer program product of  claim 13  further comprising functional descriptive material that causes the data processing system to perform additional actions that include:
 reading, by the selected drive manager, data from a nonvolatile storage device and a stored hash value that corresponds to the data; 
 returning the data and the stored hash value to the encrypted file system process; 
 calculating, by the encrypted file system process, a hash value corresponding to data, 
 returning the data in response to the calculated hash value being equal to the stored hash value; and 
 causing an error in response to the calculated hash value being different than the stored hash value.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.